Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

openSUSE Leap 15.0: 2019:1180-1 Important Samba Path Traversal Fix

opensuse
Calendar Grey April 10, 2019
Dist Opensuse Esm H88
An important security patch for Fedora addresses a vulnerability in PHP, correcting a critical bug along with several minor ones.
An update that solves one vulnerability and has 5 fixes is now available.

Description

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which

allowed an unprivileged user to save registry files outside a share

(bsc#1131060).

ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare

- Hold at most 10 outstanding paged result cookies

- Put "results_store" into a doubly linked list

- Refuse to build Samba against a newer minor version of ldb

Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to

using named profiles (bsc#1126377).

- Abide to the load_printers parameter in smb.conf (bsc#1124223).

This update was imported from SUSE:SLE-15:Update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1180=1

Package List

- openSUSE Leap 15.0 (i586 x86_64):

ctdb-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ctdb-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ctdb-pcp-pmda-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ctdb-pcp-pmda-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ctdb-tests-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ctdb-tests-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

ldb-debugsource-1.2.4-lp150.10.1

ldb-tools-1.2.4-lp150.10.1

ldb-tools-debuginfo-1.2.4-lp150.10.1

libdcerpc-binding0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-binding0-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-samr-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-samr0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc-samr0-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libdcerpc0-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1

libldb-devel-1.2.4-lp150.10.1

libldb1-1.2.4-lp150.10.1

libldb1-debuginfo-1.2.4...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2019-3880.html

https://bugzilla.suse.com/1114407

https://bugzilla.suse.com/1124223

https://bugzilla.suse.com/1125410

https://bugzilla.suse.com/1126377

https://bugzilla.suse.com/1131060

https://bugzilla.suse.com/1131686

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1180-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here